DarthRater
Install application via GPO based on closest DC
I am an asst. admin on an environment where we have 10 DCs. To install applications via GPO, we have a GPO for every application, for every server. All apps are located from the sysvol folder.
I.E.
Cisco Any-connect Server1
Cisco Any-connect Server2
Cisco Any-connect Server3
Is there a way to have ONE GPO for each application and have the pushdown come from the closest authenticating server and not hard coded by absolute path?
SYSVOL is like DFS so the client is referencing \\domain\sysvol then it should already be choosing a relatively low cost SYSVOL instance. Cost is determined based on Site Link costs in AD Sites and Services.
Good point, and agreed. I overlooked that DarthRater is already using the SYSVOL share. So as you said, he should already be able to leverage DFS and site specific servers.
So instead of "hard coding" the GPO to install the app from (for example) \\dc1\sysvol , you would just use \\domain.local\sysvol and that would automatically choose a DC in your site or lowest cost alternative.
Make sense?
ASKER
I have DFS set up between two servers and a replication group to reflect them, but the GPO still pulled from the other offsite server and not the onsite one. What am I doing wrong?
Do you have the actual sites and subnets configured in AD? Are the DCs placed correctly in their respective sites? What is the UNC path you are using in the GPO?
ASKER
Is there a best practice you can guide me to? I'm sure this is not the optimum setup for what I'm trying to accomplish. Also, DFS aside, isn't sysvol a type of DFS? In that I should be able to make a software install GPO and have it pull from the closest DC, correct?
IE \\domain.local\netlogon
Would the same sites and service idea still apply?
You need to make sure that your subnets are properly configured and applied.
You can have all those sites, but if you do not have a subnet linked to the site Sites and Service will really mean nothing.
If you do have it properly setup and you have a DC in each of the sites you want to deploy from you will need a UNC path like this %logonserver%\Sysvol\< application >
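A read-only audit of the prerequisites discussed up to this point in the thread (subnets linked to sites, DCs placed in sites, and package paths that are not hard coded to one server), added here as an example and not written by any participant. It assumes the RSAT ActiveDirectory module on a domain-joined machine; `packageRegistration`, `packageName` and `msiFileList` are the AD schema names for GPO software-installation packages.

```powershell
# Added example (not from the thread): read-only checks, nothing is modified.
# Assumes the RSAT ActiveDirectory module and a domain-joined machine.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$sites   = Get-ADReplicationSite -Filter *
$subnets = Get-ADReplicationSubnet -Filter *
$dcs     = Get-ADDomainController -Filter *

# 1. Per site: the subnets linked to it and the DCs placed in it.
#    A site with no linked subnet cannot be matched to a client by IP address.
$siteReport = foreach ($site in $sites) {
    $siteSubnets = @($subnets | Where-Object { $_.Site -eq $site.DistinguishedName })
    $siteDcs     = @($dcs | Where-Object { $_.Site -eq $site.Name })
    $problem = ''
    if ($siteSubnets.Count -eq 0)  { $problem = 'no subnet linked' }
    elseif ($siteDcs.Count -eq 0)  { $problem = 'no DC in site' }
    [pscustomobject]@{
        Site    = $site.Name
        Subnets = ($siteSubnets.Name -join ', ')
        DCs     = ($siteDcs.Name -join ', ')
        Problem = $problem
    }
}
$siteReport | Format-Table -AutoSize

# 2. The site this client was placed in and the DC that logged it on.
$clientSite = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
"Client site: $clientSite   Logon server: $env:LOGONSERVER"

# 3. GPO software-installation packages whose source path does not go through
#    the domain DNS name (for example \\dc1\sysvol\...). Paths that use the
#    NetBIOS domain name are listed too and need a manual look.
$packages = Get-ADObject -LDAPFilter '(objectClass=packageRegistration)' `
    -SearchBase "CN=Policies,CN=System,$($domain.DistinguishedName)" `
    -Properties packageName, msiFileList
$hardCoded = foreach ($pkg in $packages) {
    foreach ($path in $pkg.msiFileList) {
        if ($path -notlike "*\\$($domain.DNSRoot)\*") {
            [pscustomobject]@{ Package = $pkg.packageName; SourcePath = $path }
        }
    }
}
$hardCoded | Format-Table -AutoSize
```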
ASKER
yo_bee, let's kiss and make up.
This was an excellent answer and it is getting me pointed in the right direction.
So, I think I get what you're saying. The subnets are populated in SandS, is this what determines what physical location the %logonserver%\Sysvol pulls from and not the cost? The person who set this up has a clump of sites defined in several different sitelinks, and this causes the subnet schema to be all over the place.
I think if I re-define the site links and actually architect it by location I will get the result I'm looking for. Does the cost have anything to do with what we are doing here or is that just for regular replication?
I.E. if I have a site link with two sites what handles the load balancing between the two when I implement a software install via GPO?
ASKER
Really excellent and thorough, well thought out response.
Thank you.
Is someone kissing up now......:)
ASKER
Nah, I just really appreciate a solid, targeted answer. I'm going to post another question along these lines if you want to participate.
Let me know what it is on this thread and I will look to see if I can assist
ASKER
I would like to give the opportunity for more points, since it is geared more towards the mechanism and not the problem.
https://www.experts-exchange.com/questions/27660674/Sysvol-Replication-or-How-I-Learned-To-Stop-Worrying-And-Love-The-NTDS.html
Read this:
http://www.petri.co.il/planning-dfs-architecture-part-one.htm